Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.783422] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 29.815354] ==================================================================
[ 29.822947] BUG: KASAN: use-after-free in ext4_write_inline_data+0x2ae/0x380
[ 29.830140] Write of size 70 at addr ffff8880ab9bf016 by task syz-executor858/7980
[ 29.837877]
[ 29.839488] CPU: 0 PID: 7980 Comm: syz-executor858 Not tainted 4.14.231-syzkaller #0
[ 29.847350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.856692] Call Trace:
[ 29.859260] dump_stack+0x1b2/0x281
[ 29.862885] print_address_description.cold+0x54/0x1d3
[ 29.868158] kasan_report_error.cold+0x8a/0x191
[ 29.872805] ? ext4_write_inline_data+0x2ae/0x380
[ 29.877626] kasan_report+0x6f/0x80
[ 29.881230] ? ext4_write_inline_data+0x2ae/0x380
[ 29.886050] memcpy+0x35/0x50
[ 29.889132] ext4_write_inline_data+0x2ae/0x380
[ 29.893803] ext4_write_inline_data_end+0x1d3/0x490
[ 29.898798] ? ext4_try_to_write_inline_data+0x1590/0x1590
[ 29.904401] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.909839] ext4_write_end+0x18d/0xca0
[ 29.913801] ext4_da_write_end+0x6da/0x8e0
[ 29.918543] generic_perform_write+0x268/0x420
[ 29.923106] ? __mnt_drop_write_file+0x5f/0x90
[ 29.927692] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 29.932358] ? current_time+0xb0/0xb0
[ 29.936225] ? ext4_file_write_iter+0x1cc/0xd20
[ 29.940891] __generic_file_write_iter+0x227/0x590
[ 29.945821] ext4_file_write_iter+0x276/0xd20
[ 29.950322] ? aa_file_perm+0x304/0xab0
[ 29.954279] ? ext4_file_read_iter+0x330/0x330
[ 29.958848] ? trace_hardirqs_on+0x10/0x10
[ 29.963148] ? iov_iter_init+0xa6/0x1c0
[ 29.967101] __vfs_write+0x44c/0x630
[ 29.970824] ? kernel_read+0x110/0x110
[ 29.974700] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 29.979703] vfs_write+0x17f/0x4d0
[ 29.983243] SyS_write+0xf2/0x210
[ 29.986693] ? SyS_read+0x210/0x210
[ 29.990315] ? do_syscall_64+0x4c/0x640
[ 29.994274] ? SyS_read+0x210/0x210
[ 29.997881] do_syscall_64+0x1d5/0x640
[ 30.001753] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.006942] RIP: 0033:0x449ce9
[ 30.010109] RSP: 002b:00007f2cf7f332f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 30.017795] RAX: ffffffffffffffda RBX: 00000000004cc4c0 RCX: 0000000000449ce9
[ 30.025130] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000007
[ 30.032414] RBP: 000000000049c064 R08: 0000000000000000 R09: 0000000000000000
[ 30.039681] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 30.046945] R13: 000000000049b060 R14: 0000000300000002 R15: 00000000004cc4c8
[ 30.054225]
[ 30.055836] Allocated by task 1:
[ 30.059182] kasan_kmalloc+0xeb/0x160
[ 30.063000] kmem_cache_alloc+0x124/0x3c0
[ 30.067144] getname_flags+0xc8/0x550
[ 30.070922] do_sys_open+0x1ce/0x410
[ 30.074615] do_syscall_64+0x1d5/0x640
[ 30.078495] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.083657]
[ 30.085276] Freed by task 1:
[ 30.088286] kasan_slab_free+0xc3/0x1a0
[ 30.092250] kmem_cache_free+0x7c/0x2b0
[ 30.096205] putname+0xcd/0x110
[ 30.099462] do_sys_open+0x203/0x410
[ 30.103180] do_syscall_64+0x1d5/0x640
[ 30.107046] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.112207]
[ 30.113816] The buggy address belongs to the object at ffff8880ab9be540
[ 30.113816] which belongs to the cache names_cache of size 4096
[ 30.126553] The buggy address is located 2774 bytes inside of
[ 30.126553] 4096-byte region [ffff8880ab9be540, ffff8880ab9bf540)
[ 30.138669] The buggy address belongs to the page:
[ 30.143581] page:ffffea0002ae6f80 count:1 mapcount:0 mapping:ffff8880ab9be540 index:0x0 compound_mapcount: 0
[ 30.153549] flags: 0xfff00000008100(slab|head)
[ 30.158150] raw: 00fff00000008100 ffff8880ab9be540 0000000000000000 0000000100000001
[ 30.166092] raw: ffffea0002b0ab20 ffffea00026e5220 ffff88823f8bb200 0000000000000000
[ 30.173948] page dumped because: kasan: bad access detected
[ 30.180169]
[ 30.181770] Memory state around the buggy address:
[ 30.186694] ffff8880ab9bef00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.194028] ffff8880ab9bef80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.201449] >ffff8880ab9bf000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.208870] ^
[ 30.212749] ffff8880ab9bf080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.220100] ffff8880ab9bf100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.227450] ==================================================================
[ 30.234784] Disabling lock debugging due to kernel taint
[ 30.240493] Kernel panic - not syncing: panic_on_warn set ...
[ 30.240493]
[ 30.247869] CPU: 0 PID: 7980 Comm: syz-executor858 Tainted: G B 4.14.231-syzkaller #0
[ 30.256980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.266327] Call Trace:
[ 30.268919] dump_stack+0x1b2/0x281
[ 30.272579] panic+0x1f9/0x42d
[ 30.275765] ? add_taint.cold+0x16/0x16
[ 30.279754] kasan_end_report+0x43/0x49
[ 30.283707] kasan_report_error.cold+0xa7/0x191
[ 30.288359] ? ext4_write_inline_data+0x2ae/0x380
[ 30.293195] kasan_report+0x6f/0x80
[ 30.296819] ? ext4_write_inline_data+0x2ae/0x380
[ 30.301642] memcpy+0x35/0x50
[ 30.304740] ext4_write_inline_data+0x2ae/0x380
[ 30.309394] ext4_write_inline_data_end+0x1d3/0x490
[ 30.314398] ? ext4_try_to_write_inline_data+0x1590/0x1590
[ 30.320982] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 30.326415] ext4_write_end+0x18d/0xca0
[ 30.330370] ext4_da_write_end+0x6da/0x8e0
[ 30.334585] generic_perform_write+0x268/0x420
[ 30.339261] ? __mnt_drop_write_file+0x5f/0x90
[ 30.343934] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 30.348591] ? current_time+0xb0/0xb0
[ 30.352369] ? ext4_file_write_iter+0x1cc/0xd20
[ 30.357076] __generic_file_write_iter+0x227/0x590
[ 30.362024] ext4_file_write_iter+0x276/0xd20
[ 30.366499] ? aa_file_perm+0x304/0xab0
[ 30.370452] ? ext4_file_read_iter+0x330/0x330
[ 30.375029] ? trace_hardirqs_on+0x10/0x10
[ 30.380040] ? iov_iter_init+0xa6/0x1c0
[ 30.384011] __vfs_write+0x44c/0x630
[ 30.387711] ? kernel_read+0x110/0x110
[ 30.391649] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 30.396666] vfs_write+0x17f/0x4d0
[ 30.400199] SyS_write+0xf2/0x210
[ 30.403721] ? SyS_read+0x210/0x210
[ 30.407327] ? do_syscall_64+0x4c/0x640
[ 30.412243] ? SyS_read+0x210/0x210
[ 30.415848] do_syscall_64+0x1d5/0x640
[ 30.420525] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.425711] RIP: 0033:0x449ce9
[ 30.429835] RSP: 002b:00007f2cf7f332f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 30.439102] RAX: ffffffffffffffda RBX: 00000000004cc4c0 RCX: 0000000000449ce9
[ 30.446375] RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000007
[ 30.453639] RBP: 000000000049c064 R08: 0000000000000000 R09: 0000000000000000
[ 30.460887] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 30.468145] R13: 000000000049b060 R14: 0000000300000002 R15: 00000000004cc4c8
[ 30.475899] Kernel Offset: disabled
[ 30.479514] Rebooting in 86400 seconds..